IDES confirms data breach in online unemployment system

By Peter Hancock Capitol News Illinois — May 21, 2020

Rep. Terri Bryant, R-Murphysboro, is shown in this file photo on the floor of the House chambers at the Capitol in Springfield. Bryant in a news release on Saturday revealed a data breach in an Illinois Department of Employment Security’s unemployment assistance portal online. (repbryant.com photo)

SPRINGFIELD — The Illinois Department of Employment Security has confirmed that a new online portal that processes claims for federal Pandemic Unemployment Assistance briefly allowed public access to applicants’ personal information including Social Security numbers.

The PUA system, which went online May 11, is a federal program that provides unemployment benefits to gig workers and other independent contractors who are not normally covered by regular unemployment insurance.

The data breach was first made public Saturday, May 14 when state Rep. Terri Bryant, a Murphysboro Republican, said in a news release that she had been alerted to the issue by a constituent the previous day.

“Through a series of just two clicks, this constituent stumbled upon the personal information of thousands of unemployment applicants on the IDES website,” Bryant said. “This came up in a spreadsheet with thousands of names containing sensitive information. The information she was able to access included the name, address, Social Security number, and unemployment claimant ID number of thousands of people.”

In a statement Monday, IDES said its analysis found that one PUA claimant had “inadvertently” accessed personal data for a limited number of claimants.

“That claimant notified the department of the issue and within an hour, it was corrected to prevent any future unauthorized access,” the agency said.

The state of Illinois contracted with the international business services company Deloitte to build and maintain the web-based portal. IDES said it is now working with the company to run a “full-scale investigation” into the problem while conducting additional tests to prevent any future data breaches. It also said it is working to notify affected individuals and will release the analysis of its investigation once it’s completed.

Asked about the issue during his daily COVID-19 briefing Monday, May 18 in Chicago, Gov. J.B. Pritzker said similar issues have occurred elsewhere in the public and private sectors but that the state and Deloitte were working to resolve the problem.

“This, as you know, has happened in large corporations and other aspects of other governments around the United States, and we don’t like it happening here,” Pritzker said. “Deloitte, which built that system, and obviously the glitch that was in there is something that was a result of the work that was done to build it, but they are offering credit reporting for all of those who are affected by it to make sure that they can monitor their credit in case there’s any problem they may undergo.”

Meanwhile, IDES still encourages people covered by the program to continue filing for benefits through the PUA portal. The agency said more than 50,000 claims have been processed through the system so far. The program provides up to 39 weeks’ worth of benefits for qualifying workers who have COVID-19-related claims.

People with questions or who need help with unemployment benefits are encouraged to visit IDES.Illinois.gov.

Capitol News Illinois is a nonprofit, nonpartisan news service covering state government and distributed to more than 400 newspapers statewide. It is funded primarily by the Illinois Press Foundation the Robert R. McCormick Foundation.